<?php

class Access_user {
	private $dbHost;
	private $dbUser;
	private $dbPass;
	private $dbName;
	private $userName;
	private $password;
	public $totalCount;
	public $connected;
	public $accessType;

	function __construct($dbHost, $dbUser, $dbPass, $dbName) {
		$this->dbHost = $dbHost;
		$this->dbUser = $dbUser;
		$this->dbPass = $dbPass;
		$this->dbName = $dbName;
		$this->connected = $this->connect_db();
	}

	public function login_user($userName, $password) {
		if($userName == '' && $password == ''){
		 return (-1);
		}

		$this->userName = mysql_real_escape_string($userName);
		$this->password = md5(mysql_real_escape_string($password));

		$query = sprintf("SELECT * FROM user WHERE name = '%s' AND password = '%s' "
			,	mysql_escape_string($this->userName)
			,	mysql_escape_string($this->password)
		);

		if($result = mysql_fetch_array(mysql_query($query))) {
			if ( ($result['name'] == $this->userName) && ($result['password'] == $this->password) ) {
				$this->accessType = $result['permission'];
				$this->set_user();
				if ($this->accessType == 'DATAENTRY') {
					return (0);
				} else {
				 return (1);
				}
			} else {
				return (-1);
			}
		} else {
			return (-1);
		}

	}

	function connect_db() {
		$connection = @mysql_connect( $this->dbHost, $this->dbUser, $this->dbPass );
		if ($connection == false) return(false);
		mysql_select_db( $this->dbName,$connection );
		return(true);
	}

	function set_user() {
		$_SESSION['user'] = $this->userName;
		$_SESSION['user_id'] = $this->user_id;
		$_SESSION['pw'] = $this->password;
		$_SESSION['accessType'] = $this->accessType;
		return true;
	}

	public function log_out() {
		unset($_SESSION['user']);
		unset($_SESSION['pw']);
		unset($_SESSION['user_id']);
		unset($_SESSION['accessType']);
		return (true);
	}

	function addUser($userName, $email, $accessType, $password) {
		$query = sprintf ("INSERT INTO user (name, email, permission, password) VALUES ('%s', '%s', '%s', md5('%s'))"
			,	mysql_escape_string($userName)
			,	mysql_escape_string($email)
			,	mysql_escape_string($accessType)
			,	mysql_escape_string($password)
		);

		$result = @mysql_query($query);
		if (mysql_affected_rows() > 0) {
			return(true);
		} else {
			return(false);
		}
	}

	function updateUser($id, $name, $email, $permission, $password) {
		if ($password == ''){
			$query = sprintf("UPDATE user SET name = '%s', email = '%s', permission = '%s'  WHERE user_id = '%s' "
				,	mysql_escape_string($name)
				,	mysql_escape_string($email)
				,	mysql_escape_string($permission)
				,	mysql_escape_string($id)
			);
		} else {
			$query = sprintf("UPDATE user SET name = '%s', email = '%s', permission = '%s', password = md5('%s')  WHERE user_id = '%s' "
				,	mysql_escape_string($name)
				,	mysql_escape_string($email)
				,	mysql_escape_string($permission)
				,	mysql_escape_string($password)
				,	mysql_escape_string($id)
			);
		}
		$result = @mysql_query($query);
		if (mysql_affected_rows() > 0) {
			return(true);
		} else {
			return(false);
		}
	}

	function deleteUser($id) {
		$query = sprintf("DELETE FROM user WHERE user_id = %s"
			,	mysql_escape_string($id)
		);
		$result = @mysql_query($query);
		if (mysql_affected_rows() > 0) {
			return(true);
		} else {
			return(false);
		}
	}

	public function getUsers() {
		$query = sprintf ( "SELECT user_id, name, email, permission FROM user" );
		$result = @mysql_query($query);
		$this->totalCount = mysql_num_rows($result);
		if($result) {
			while($row = mysql_fetch_array($result)){
				$userId = $row['user_id'];
				$name = $row['name'];
				$email = $row['email'];
				$permission = $row['permission'];
				$posts[] = array('user_id' => $userId, 'name' => $name,  'email' => $email, 'permission' => $permission);
			}
				return ($posts);
		} else {
			return (false);
		}
	}

	public function getCount() {
		return ($this->totalCount);
	}

	public function is_logged_in() {
		if ((isset($_SESSION['user']) && isset($_SESSION['pw']))) {
			return (true);
		} else {
			return (false);
		}
	}

}
?>